Generally, the concept of virtualization in information processing systems allows multiple instances of one or more operating systems to run on a single system, even though each operating system (OS) is designed to have complete, direct control over the system and its resources. Virtualization is typically implemented by using software (e.g., a virtual machine monitor, or “VMM”) to present to each OS a “virtual machine” (“VM”) having virtual resources, including one or more virtual processors, that the OS may completely and directly control, while the VMM maintains a system environment for implementing virtualization policies such as sharing and/or allocating the physical resources among the VMs (the “virtualization environment”). Each OS, and any other software, that runs on a VM is referred to as a “guest” or as “guest software,” while a “host” or “host software” is software, such as a VMM, that runs outside of the virtual machines.
Virtualization technologies have found wide application in the computer field as computer systems have developed. For example, such virtualization technologies can be used to implement a virtual desktop application that runs within a VM of a host and is accessed from a client over a network, such as, for example, RHEV-M available from Red Hat, Inc. of Raleigh, N.C.
Typically, in such a configuration, after a client machine starts up, a user has to log onto a Web portal via a Web browser to select a VM (e.g., a virtual desktop) to be launched and accessed by the client. That is, the user needs to be authenticated both against the Web portal, to get a list of VMs, and afterward against the VM logon process. Usually, in enterprise installations, both the Web portal and the VM credentials are kept in a centralized directory service. However, mechanisms exist today that allow for a single sign-on procedure for the user of a VM. The single sign-on procedure allows a user of the VM to be authenticated at a controller managing the VM, after which the user's credentials are passed on to an active directory server for use in further authentication procedures for the user, without the user's knowledge and without the user having to participate in additional sign-on procedures.
Currently, single sign-on mechanisms do not encompass additional security features that a VM may want to implement to protect the files of the VM. For instance, if additional security for the files of the VM, such as encryption and decryption of those files, is desired, then additional time may be spent providing credentials for that security and managing the security process. As such, a mechanism to integrate security features for files of a VM, such as encryption and decryption of such files, with the single sign-on process for the VM would be beneficial.